Environment
Novell Filr 1.1 Appliance
Novell Filr 1.2 Appliance
Micro Focus Filr 2.0 Appliance
Micro Focus Filr 3.x Appliance
Novell Filr 1.2 Appliance
Micro Focus Filr 2.0 Appliance
Micro Focus Filr 3.x Appliance
Situation
Port redirection has been setup on Filr, but this only affects the primary network interface (NIC).
Although the Filr can be reached over the redirected ports towards the IP address bound to eth0, the other NIC(s) can only be used over the default ports (8080 and 8443).
Although the Filr can be reached over the redirected ports towards the IP address bound to eth0, the other NIC(s) can only be used over the default ports (8080 and 8443).
Resolution
In a Filr appliance, port redirection is taken care of by the SuSEfirewall2.
However, when setting up port redirection it only enables it for the IP address bound to the primary NIC.
To enable port redirection on the secondary NIC(s) you have to go trough these steps, performed on the server prompt via the hypervisor or via ssh.
However, when setting up port redirection it only enables it for the IP address bound to the primary NIC.
To enable port redirection on the secondary NIC(s) you have to go trough these steps, performed on the server prompt via the hypervisor or via ssh.
- Setup the regular port redirection as descried in the regular documentation.
- Stop the SuSE firewall (rcSuSEfirewall2 stop)
- vi /etc/sysconfig/SuSEfirewall2
- Search for the FW_REDIRECT string and adjust the line so it reads (all in one line):
FW_REDIRECT="0/0,ip_address1,tcp,443,8443 0/0,ip_address1,tcp,80,8080 0/0,ip_address2,tcp,443,8443 0/0,ipaddress2,tcp,80,8080"
- Safe the file
- Start the SuSE firewall (rcSuSEfirewall2 start).
Additional Information
Replace the ip_address* with the actual IP address bound to the specific NIC.
For instance for a Filr appliance with IP 192.168.144.200 bound to eth0 and 10.20.30.200 bound to eth1
the line for the SuSEFirewall2 configuration file would read:
The config line for a 3 NIC system would then for instance read:
This change will not persist an appliance upgrade, that requires the system disk to be replaced.
For instance, when this has been implemented on Filr 2, it needs to be re-implemented manually after upgrading to Filr 3.
In case the documented procedure for port redirection fails on a Filr system with a single NIC, this same procedure can be used. The configuration would then read:
For instance for a Filr appliance with IP 192.168.144.200 bound to eth0 and 10.20.30.200 bound to eth1
the line for the SuSEFirewall2 configuration file would read:
FW_REDIRECT="0/0,192.168.144.200,tcp,443,8443 0/0,192.168.144.200,tcp,80,8080 0/0,10.20.30.200,tcp,443,8443 0/0,10.20.30.200,tcp,80,8080"In case the Filr system has been setup with even more then 2 NICs, an additional entry containing the string 0/0,ip_addressx,tcp,443,8443 0/0,ip_addressx,tcp,80,8080 needs to be added.
The config line for a 3 NIC system would then for instance read:
FW_REDIRECT="0/0,192.168.144.200,tcp,443,8443 0/0,192.168.144.200,tcp,80,8080 0/0,10.20.30.200,tcp,443,8443 0/0,10.20.30.200,tcp,80,8080 0/0,192.168.181.200,tcp,443,8443 0/0,192.168.181.200,tcp,80,8080"
This change will not persist an appliance upgrade, that requires the system disk to be replaced.
For instance, when this has been implemented on Filr 2, it needs to be re-implemented manually after upgrading to Filr 3.
In case the documented procedure for port redirection fails on a Filr system with a single NIC, this same procedure can be used. The configuration would then read:
FW_REDIRECT="0/0,ip_address,tcp,443,8443 0/0,ip_address,tcp,80,8080"